Enable data protection to protect data at rest #20

Closed
whaber opened this issue Aug 27, 2020 · 1 comment

whaber commented Aug 27, 2020

The Data Protection entitlement is not enabled within the Xcode project for the App. When enabled, the Data Protection capability will automatically protect all files created by the App with the strongest Data Protection class, NSFileProtectionComplete; this protection class ensures that the file is encrypted with the user's passcode whenever the device is locked.

As described in the iOS Security Guide in the "Data Protection" section, the default Data Protection class for files since iOS 7 is NSFileProtectionCompleteUntilFirstUserAuthentication, which only encrypts the user's data until the very first time they unlock their device:

Enable the Data Protection entitlement in the Xcode project configuration of the App. As shown in the screenshot, this setting is available in the "Capabilities" tab within Xcode.
Because the entitlement will cause iOS to encrypt all the App's files when the device is locked, it might cause problems if the App tries to access its files while running in the background (i.e. when the device might be locked). To work around this problem, the App can lower the protection level to NSFileProtectionCompleteUntilFirstUserAuthentication for the specific files that need to be accessed while in the background, as described in the Encrypting Your App's Files article within the Apple documentation.

Lastly, the applicationProtectedDataWillBecomeUnavailable: and applicationProtectedDataDidBecomeAvailable: App delegate methods can be used to manage the App's access to protected files.

whaber added the security and enhancement labels Aug 27, 2020
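
A sketch of the per-file policy and delegate handling described in the issue above, added here as an example and not taken from this project's code. The file names `sync-queue.db` and `records.db`, the `backgroundFiles` allowlist, and the function names are assumptions for illustration.

```swift
import UIKit

// Hypothetical allowlist: files the App must read while the device is locked.
let backgroundFiles: Set<String> = ["sync-queue.db"]

/// Lower protection only for allowlisted files; every other file keeps the
/// entitlement default (NSFileProtectionComplete).
func applyProtectionPolicy(in directory: URL) throws {
    let fm = FileManager.default
    for url in try fm.contentsOfDirectory(at: directory, includingPropertiesForKeys: nil)
    where backgroundFiles.contains(url.lastPathComponent) {
        try fm.setAttributes(
            [.protectionKey: FileProtectionType.completeUntilFirstUserAuthentication],
            ofItemAtPath: url.path)
    }
}

/// Report every file whose protection class differs from the policy, so a
/// debug build or test can flag files that were silently downgraded.
func auditProtection(in directory: URL) throws -> [String] {
    let fm = FileManager.default
    var findings: [String] = []
    for url in try fm.contentsOfDirectory(at: directory, includingPropertiesForKeys: nil) {
        let attrs = try fm.attributesOfItem(atPath: url.path)
        let actual = attrs[.protectionKey] as? FileProtectionType
        let expected: FileProtectionType = backgroundFiles.contains(url.lastPathComponent)
            ? .completeUntilFirstUserAuthentication : .complete
        if actual != expected {
            findings.append("\(url.lastPathComponent): \(actual?.rawValue ?? "none")")
        }
    }
    return findings
}

final class AppDelegate: UIResponder, UIApplicationDelegate {
    // Hypothetical store that stays at NSFileProtectionComplete.
    let storeURL = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
        .appendingPathComponent("records.db")
    var protectedStore: FileHandle?

    func applicationProtectedDataWillBecomeUnavailable(_ application: UIApplication) {
        // Device is locking: release handles to fully protected files.
        try? protectedStore?.close()
        protectedStore = nil
    }

    func applicationProtectedDataDidBecomeAvailable(_ application: UIApplication) {
        // Device unlocked: protected files are readable again.
        protectedStore = try? FileHandle(forUpdating: storeURL)
    }
}
```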
@github-actions

This issue is stale because it has been open for 14 days with no
activity. It will automatically close after 7 more days of inactivity.
